当前位置: 首页>>代码示例>>C++>>正文


C++ TaintedTrace类代码示例

本文整理汇总了C++中TaintedTrace的典型用法代码示例。如果您正苦于以下问题:C++ TaintedTrace类的具体用法?C++ TaintedTrace怎么用?C++ TaintedTrace使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了TaintedTrace类的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: jsHTMLDocumentPrototypeFunctionWrite

EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionWrite(ExecState* exec)
{
    JSValue thisValue = exec->hostThisValue();
    if (!thisValue.inherits(&JSHTMLDocument::s_info))
        return throwVMTypeError(exec);
    JSHTMLDocument* castedThis = static_cast<JSHTMLDocument*>(asObject(thisValue));
#ifdef JSC_TAINTED
/*
if we comment out the following code segement and move the detection to bindings/js/JSHTMLDocumentCustom.cpp
one of the test case like below cannot be detected anymore. need to investigate the reason behind.
document.write("hello"+document.location.href.substring(document.location.href.indexOf("default=")+8));\

the guess is the following code does not cover the primitive string.
*/
    JSValue s = exec->argument(0);
    if (s.isString() && s.isTainted()) {
        HTMLDocument* d1 = static_cast<HTMLDocument*>(castedThis->impl());
        d1->setTainted(s.isTainted());

	TaintedStructure trace_struct;
	trace_struct.taintedno = s.isTainted();
	trace_struct.internalfunc = "jsHTMLDocumentPrototypeFunctionWrite";
	trace_struct.jsfunc = "document.write";
	trace_struct.action = "sink";

	char msg[20];
	stringstream msgss;
	snprintf(msg, 20, "%s", s.toString(exec).utf8(true).data());
	msgss << msg;
	msgss >> trace_struct.value;

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);
    }
开发者ID:dmitris,项目名称:tpjs,代码行数:34,代码来源:JSHTMLDocument.cpp

示例2: jsLocationOrigin

JSValue jsLocationOrigin(ExecState* exec, JSValue slotBase, const Identifier&)
{
    JSLocation* castedThis = static_cast<JSLocation*>(asObject(slotBase));
    UNUSED_PARAM(exec);
    Location* imp = static_cast<Location*>(castedThis->impl());
    JSValue result = jsString(exec, imp->origin());
#ifdef JSC_TAINTED
    TaintedCounter* counter = TaintedCounter::getInstance();
    unsigned int tainted = counter->getCount();
    result.setTainted(tainted);

    TaintedStructure trace_struct;
    trace_struct.taintedno = tainted;
    trace_struct.internalfunc = "jsLocationOrigin";
    trace_struct.jsfunc = "location.origin";
    trace_struct.action = "source";

    char msg[20];
    stringstream msgss;
    snprintf(msg, 20, "%s", result.toString(exec).utf8(true).data());
    msgss << msg;
    msgss >> trace_struct.value;

    TaintedTrace* trace = TaintedTrace::getInstance();
    trace->addTaintedTrace(trace_struct);
#endif
    return result;
}
开发者ID:dmitris,项目名称:tpjs,代码行数:28,代码来源:JSLocation.cpp

示例3: impl

JSValue JSLocation::toStringFunction(ExecState* exec)
{
    Frame* frame = impl()->frame();
    if (!frame || !allowsAccessFromFrame(exec, frame))
        return jsUndefined();

#if defined(JSC_TAINTED)
    JSValue s = jsString(exec, impl()->toString());
    TaintedCounter* counter = TaintedCounter::getInstance();
    unsigned int tainted = counter->getCount();
    s.setTainted(tainted);

    TaintedStructure trace_struct;
    trace_struct.taintedno = tainted;
    trace_struct.internalfunc = "JSLocation::toStringFunction";
    trace_struct.jsfunc = "";
    trace_struct.action = "source";
    trace_struct.value = TaintedUtils::UString2string(s.toString(exec));

    TaintedTrace* trace = TaintedTrace::getInstance();
    trace->addTaintedTrace(trace_struct);

    return s;
#else
    return jsString(exec, impl()->toString());
#endif
}
开发者ID:dpnishant,项目名称:tpjs,代码行数:27,代码来源:JSLocationCustom.cpp

示例4: jsHTMLElementInnerHTML

JSValue jsHTMLElementInnerHTML(ExecState* exec, JSValue slotBase, const Identifier&)
{
    JSHTMLElement* castedThis = static_cast<JSHTMLElement*>(asObject(slotBase));
    UNUSED_PARAM(exec);
    HTMLElement* imp = static_cast<HTMLElement*>(castedThis->impl());
    JSValue result = jsString(exec, imp->innerHTML());
#ifdef JSC_TAINTED
    if (imp->tainted()) {
        unsigned int tainted = imp->tainted();
        result.setTainted(imp->tainted());

        TaintedStructure trace_struct;
        trace_struct.taintedno = tainted;
        trace_struct.internalfunc = "jsHTMLElementInnerHTML";
        trace_struct.jsfunc = "htmlelement.innerHTML";
        trace_struct.action = "propagate";

	char msg[20];
	stringstream msgss;
	snprintf(msg, 20, "%s", result.toString(exec).utf8(true).data());
	msgss << msg;
	msgss >> trace_struct.value;

        TaintedTrace* trace = TaintedTrace::getInstance();
        trace->addTaintedTrace(trace_struct);
    }
开发者ID:dmitris,项目名称:tpjs,代码行数:26,代码来源:JSHTMLElement.cpp

示例5: jsHTMLDocumentPrototypeFunctionWrite

EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionWrite(ExecState* exec)
{
    JSValue thisValue = exec->hostThisValue();
    if (!thisValue.inherits(&JSHTMLDocument::s_info))
        return throwVMTypeError(exec);
    JSHTMLDocument* castedThis = static_cast<JSHTMLDocument*>(asObject(thisValue));
#if defined(JSC_TAINTED)
/*
if we comment out the following code segement and move the detection to bindings/js/JSHTMLDocumentCustom.cpp
one of the test case like below cannot be detected anymore. need to investigate the reason behind.
document.write("hello"+document.location.href.substring(document.location.href.indexOf("default=")+8));\

the guess is the following code does not cover the primitive string.
*/
    JSValue s = exec->argument(0);
    if (s.isString() && s.isTainted()) {
        HTMLDocument* d1 = static_cast<HTMLDocument*>(castedThis->impl());
        d1->setTainted(s.isTainted());

	TaintedStructure trace_struct;
	trace_struct.taintedno = s.isTainted();
	trace_struct.internalfunc = "jsHTMLDocumentPrototypeFunctionWrite";
	trace_struct.jsfunc = "document.write";
	trace_struct.action = "sink";
	trace_struct.value = TaintedUtils::UString2string(s.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);
    }
    if (s.inherits(&StringObject::s_info)) {
        unsigned int tainted = asStringObject(s)->isTainted();
        if (tainted) {
            HTMLDocument* d2 = static_cast<HTMLDocument*>(castedThis->impl());
            d2->setTainted(tainted);

	    TaintedStructure trace_struct;
	    trace_struct.taintedno = tainted;
	    trace_struct.internalfunc = "jsHTMLDocumentPrototypeFunctionWrite";
	    trace_struct.jsfunc = "document.write";
	    trace_struct.action = "sink";
	    trace_struct.value = TaintedUtils::UString2string(s.toString(exec));

	    TaintedTrace* trace = TaintedTrace::getInstance();
	    trace->addTaintedTrace(trace_struct);
        }
    }
#endif
    return JSValue::encode(castedThis->write(exec));
}
开发者ID:dpnishant,项目名称:tpjs,代码行数:49,代码来源:JSHTMLDocument.cpp

示例6: setJSHTMLElementOuterText

void setJSHTMLElementOuterText(ExecState* exec, JSObject* thisObject, JSValue value)
{
#if defined(JSC_TAINTED)
    unsigned int tainted = TaintedUtils::isTainted(exec, value);
#endif
    JSHTMLElement* castedThis = static_cast<JSHTMLElement*>(thisObject);
    HTMLElement* imp = static_cast<HTMLElement*>(castedThis->impl());
    ExceptionCode ec = 0;
    imp->setOuterText(valueToStringWithNullCheck(exec, value), ec);
    setDOMException(exec, ec);
#if defined(JSC_TAINTED)
    unsigned int imp_tainted = imp->tainted();

    if (tainted) {
    	imp->setTainted(tainted);
	imp->document()->setTainted(tainted);

	TaintedStructure trace_struct;
	trace_struct.taintedno = tainted;
	trace_struct.internalfunc = "setJSHTMLElementOuterText";
	trace_struct.jsfunc = "HTMLElement.outerText";
	trace_struct.action = "sink";
	trace_struct.value = TaintedUtils::UString2string(value.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);

    } else if (imp_tainted == imp->document()->tainted() 
	&& imp_tainted != 0
	&& !tainted) {

	TaintedStructure trace_struct;
	trace_struct.taintedno = 0;
	// trace_struct.taintedno = tainted;
	trace_struct.internalfunc = "setJSHTMLElementOuterText";
	trace_struct.jsfunc = "HTMLElement.outerText";
	trace_struct.action = "reset";
	trace_struct.value = TaintedUtils::UString2string(value.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);

    	imp->setTainted(0);
    }
#endif
}
开发者ID:dpnishant,项目名称:tpjs,代码行数:46,代码来源:JSHTMLElement.cpp

示例7: jsHTMLDocumentPrototypeFunctionWriteln

EncodedJSValue JSC_HOST_CALL jsHTMLDocumentPrototypeFunctionWriteln(ExecState* exec)
{
    JSValue thisValue = exec->hostThisValue();
    if (!thisValue.inherits(&JSHTMLDocument::s_info))
        return throwVMTypeError(exec);
    JSHTMLDocument* castedThis = static_cast<JSHTMLDocument*>(asObject(thisValue));
#if defined(JSC_TAINTED)
    JSValue s = exec->argument(0);
    if (s.isString() && s.isTainted() > 0) {
        HTMLDocument* d1 = static_cast<HTMLDocument*>(castedThis->impl());
        d1->setTainted(s.isTainted());

	TaintedStructure trace_struct;
	trace_struct.taintedno = s.isTainted();
	trace_struct.internalfunc = "jsHTMLDocumentPrototypeFunctionWriteln";
	trace_struct.jsfunc = "document.writeln";
	trace_struct.action = "sink";
	trace_struct.value = TaintedUtils::UString2string(s.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);
    }
    if (s.inherits(&StringObject::s_info)) {
	unsigned int tainted = asStringObject(s)->isTainted();
        if (tainted) {
            HTMLDocument* d2 = static_cast<HTMLDocument*>(castedThis->impl());
            d2->setTainted(tainted);

	    TaintedStructure trace_struct;
	    trace_struct.taintedno = tainted;
	    trace_struct.internalfunc = "jsHTMLDocumentPrototypeFunctionWriteln";
	    trace_struct.jsfunc = "document.writeln";
	    trace_struct.action = "sink";
	    trace_struct.value = TaintedUtils::UString2string(s.toString(exec));

	    TaintedTrace* trace = TaintedTrace::getInstance();
	    trace->addTaintedTrace(trace_struct);
        }
    }
#endif
    return JSValue::encode(castedThis->writeln(exec));
}
开发者ID:dpnishant,项目名称:tpjs,代码行数:42,代码来源:JSHTMLDocument.cpp

示例8: setJSLocationHash

void setJSLocationHash(ExecState* exec, JSObject* thisObject, JSValue value)
{
#ifdef JSC_TAINTED
    unsigned int tainted = 0;
    if (value.isString() && value.isTainted()) {
	tainted = value.isTainted();
    }
    if (value.inherits(&StringObject::s_info) && asStringObject(value)->isTainted()) {
	tainted = asStringObject(value)->isTainted();
    }
    if (value.isObject()) {
        UString s = value.toString(exec);
        if (s.isTainted()) {
		tainted = s.isTainted();
	}
    }
    if (tainted) {
        JSLocation* castedThis = static_cast<JSLocation*>(thisObject);
	Location* imp = static_cast<Location*>(castedThis->impl());
        imp->frame()->document()->setTainted(tainted);

	TaintedStructure trace_struct;
	trace_struct.taintedno = tainted;
	trace_struct.internalfunc = "setJSLocationHash";
	trace_struct.jsfunc = "location.hash";
	trace_struct.action = "sink";

	char msg[20];
	stringstream msgss;
	snprintf(msg, 20, "%s", value.toString(exec).utf8(true).data());
	msgss << msg;
	msgss >> trace_struct.value;

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);
    }
#endif
    static_cast<JSLocation*>(thisObject)->setHash(exec, value);
}
开发者ID:dmitris,项目名称:tpjs,代码行数:39,代码来源:JSLocation.cpp

示例9: jsHTMLElementOuterText

JSValue jsHTMLElementOuterText(ExecState* exec, JSValue slotBase, const Identifier&)
{
    JSHTMLElement* castedThis = static_cast<JSHTMLElement*>(asObject(slotBase));
    UNUSED_PARAM(exec);
    HTMLElement* imp = static_cast<HTMLElement*>(castedThis->impl());
    JSValue result = jsString(exec, imp->outerText());
#if defined(JSC_TAINTED)
    if (imp->tainted()) {
        unsigned int tainted = imp->tainted();
        result.setTainted(imp->tainted());

        TaintedStructure trace_struct;
        trace_struct.taintedno = tainted;
        trace_struct.internalfunc = "jsHTMLElementOuterText";
        trace_struct.jsfunc = "htmlelement.outerText";
        trace_struct.action = "propagate";
	trace_struct.value = TaintedUtils::UString2string(result.toString(exec));

        TaintedTrace* trace = TaintedTrace::getInstance();
        trace->addTaintedTrace(trace_struct);
    }
#endif
    return result;
}
开发者ID:dpnishant,项目名称:tpjs,代码行数:24,代码来源:JSHTMLElement.cpp

示例10: only

/*
|-------------------|	  |----------------|	       |------------------------------|
| string passing in | --> | is it tainted? | --> Y --> | taint the element / document | (bad approach, need to reset the document taint)
|___________________|	  |________________|	       |______________________________| 
					   |
					   |	       |-------------------|
					   | --> Y --> | taint the element | (best approach)
						       |-------------------|
the ideal implementation is to set the element as tainted only (no need to set the doucment as tainted), and then the js can detect the element is tainted or not.
however, i found that js level detection does not work for the element now, so i tainted the document for reporting.
this method has the side effect, if the element is untatined, then we need to clear the tainted flag of the document.
*/
void setJSHTMLElementInnerHTML(ExecState* exec, JSObject* thisObject, JSValue value)
{
#if defined(JSC_TAINTED)
    unsigned int tainted = TaintedUtils::isTainted(exec, value);
#endif
    JSHTMLElement* castedThis = static_cast<JSHTMLElement*>(thisObject);
    HTMLElement* imp = static_cast<HTMLElement*>(castedThis->impl());
    ExceptionCode ec = 0;
    imp->setInnerHTML(valueToStringWithNullCheck(exec, value), ec);
    setDOMException(exec, ec);
#if defined(JSC_TAINTED)
    unsigned int imp_tainted = imp->tainted();

    if (tainted) {
// cerr 
/*
	char cid[50];
	JSValue id = jsString(exec, imp->getAttribute(WebCore::HTMLNames::idAttr));
	UString sid = id.toString(exec);
	snprintf(cid, 50, "%s", sid.utf8(true).data());
	cerr << "setJSHTMLElementInnerHTML:SETTING:" << cid << ":" << tainted << ":" << imp_tainted << endl;
*/
// cerr

	//
	// i dont know why this tainted flag cannot be queried from js level
	// seems like the HTML element is persistent, but it is not the right HTML element, so need to loop through and find out
	//
    	imp->setTainted(tainted);
	imp->document()->setTainted(tainted);

	TaintedStructure trace_struct;
	trace_struct.taintedno = tainted;
	trace_struct.internalfunc = "setJSHTMLElementInnerHTML";
	trace_struct.jsfunc = "HTMLElement.innerHTML";
	trace_struct.action = "sink";
	trace_struct.value = TaintedUtils::UString2string(value.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);

    // 
    // this condition really difficult to understand. 
    // wanna to reset the innerHTML of this element if it is tainted and passing in string is not tainted.
    // there is a problem in this code, it is silly to do it, as if the imp->setTainted() is supposed to be work, then there is no need to do in this way.
    //
    } else if (imp_tainted == imp->document()->tainted() 
	&& imp_tainted != 0
	&& !tainted) {

// cerr
/*
	char cid[50];
	JSValue id = jsString(exec, imp->getAttribute(WebCore::HTMLNames::idAttr));
	UString sid = id.toString(exec);
	snprintf(cid, 50, "%s", sid.utf8(true).data());
	cerr << "setJSHTMLElementInnerHTML:RESETTING:" << cid << endl;
*/
// cerr

	TaintedStructure trace_struct;
	trace_struct.taintedno = 0;
	// trace_struct.taintedno = imp_tainted;
	trace_struct.internalfunc = "setJSHTMLElementInnerHTML";
	trace_struct.jsfunc = "HTMLElement.innerHTML";
	trace_struct.action = "reset";
	trace_struct.value = TaintedUtils::UString2string(value.toString(exec));

	TaintedTrace* trace = TaintedTrace::getInstance();
	trace->addTaintedTrace(trace_struct);

    	imp->setTainted(0);
    }
#endif
}
开发者ID:dpnishant,项目名称:tpjs,代码行数:87,代码来源:JSHTMLElement.cpp

示例11: documentWrite

static inline void documentWrite(ExecState* exec, HTMLDocument* document, NewlineRequirement addNewline)
{
    // DOM only specifies single string argument, but browsers allow multiple or no arguments.

    size_t size = exec->argumentCount();

    UString firstString = exec->argument(0).toString(exec);
#if defined(JSC_TAINTED)
    unsigned int tainted = 0;
    if (firstString.isTainted()) {
	TaintedStructure trace_struct;
        trace_struct.taintedno = firstString.isTainted();
        trace_struct.internalfunc = "documentWrite";
        trace_struct.jsfunc = "document.write/writeln";
        trace_struct.action = "sink";
        trace_struct.value = TaintedUtils::UString2string(firstString);

        TaintedTrace* trace = TaintedTrace::getInstance();
        trace->addTaintedTrace(trace_struct);
	tainted = firstString.isTainted();
    }
#endif
    SegmentedString segmentedString = ustringToString(firstString);
    if (size != 1) {
        if (!size)
            segmentedString.clear();
        else {
            for (size_t i = 1; i < size; ++i) {
                UString subsequentString = exec->argument(i).toString(exec);
#if defined(JSC_TAINTED)
	        unsigned int c_tainted = 0;
    		if (subsequentString.isTainted()) {
		    c_tainted = subsequentString.isTainted();
		}
		if (c_tainted) {
		    TaintedStructure trace_struct;
		    trace_struct.taintedno = c_tainted;
		    trace_struct.internalfunc = "documentWrite";
		    trace_struct.jsfunc = "document.write/writeln";
		    trace_struct.action = "sink";
		    trace_struct.value = TaintedUtils::UString2string(subsequentString);

		    TaintedTrace* trace = TaintedTrace::getInstance();
		    trace->addTaintedTrace(trace_struct);
		    tainted = c_tainted;
    		}
#endif
                segmentedString.append(SegmentedString(ustringToString(subsequentString)));
            }
        }
    }

    if (addNewline)
        segmentedString.append(SegmentedString(String(&newlineCharacter, 1)));

    Document* activeDocument = asJSDOMWindow(exec->lexicalGlobalObject())->impl()->document();
    document->write(segmentedString, activeDocument);
#if defined(JSC_TAINTED)
    if (tainted) {
	activeDocument->setTainted(tainted);
    }
#endif
}
开发者ID:dpnishant,项目名称:tpjs,代码行数:63,代码来源:JSHTMLDocumentCustom.cpp


注:本文中的TaintedTrace类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。